AlmaLinux 2321 Published by

AlmaLinux has been updated with several security enhancements, including kernel and python security updates:

ALSA-2024:8162: kernel security update (Moderate)
ALSA-2024:8447: python3.12 security update (Moderate)
ALSA-2024:8446: python3.9 security update (Moderate)




ALSA-2024:8162: kernel security update (Moderate)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2024-10-25

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Local information disclosure on Intel(R) Atom(R) processors (CVE-2023-28746)
* kernel: netfilter: nft_flow_offload: reset dst in route object after setting up flow (CVE-2024-27403)
* kernel: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (CVE-2023-52658)
* kernel: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (CVE-2024-35989)
* kernel: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field (CVE-2021-47385)
* kernel: mptcp: ensure snd_nxt is properly initialized on connect (CVE-2024-36889)
* kernel: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (CVE-2024-36978)
* kernel: net/mlx5: Add a timeout to acquire the command queue semaphore (CVE-2024-38556)
* kernel: KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (CVE-2024-39483)
* kernel: ionic: fix use after netif_napi_del() (CVE-2024-39502)
* kernel: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (CVE-2024-40959)
* kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079)
* kernel: sched: act_ct: take care of padding in struct zones_ht_key (CVE-2024-42272)
* kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-8162.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2024:8447: python3.12 security update (Moderate)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2024-10-24

Summary:

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.12-libs package, which should be installed automatically along with python3.12. The remaining parts of the Python standard library are broken out into the python3.12-tkinter and python3.12-test packages, which may need to be installed separately. Documentation for Python is provided in the python3.12-docs package. Packages containing additional libraries for Python are generally named with the "python3.12-" prefix.

Security Fix(es):

* python: cpython: tarfile: ReDos via excessive backtracking while parsing header values (CVE-2024-6232)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-8447.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2024:8446: python3.9 security update (Moderate)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2024-10-24

Summary:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: cpython: tarfile: ReDos via excessive backtracking while parsing header values (CVE-2024-6232)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-8446.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team